Skip to main content

OpenClaw CVE-2026-43530

| EUVDEUVD-2026-27271 HIGH
Incorrect Authorization (CWE-863)
2026-05-05 VulnCheck GHSA-2cq5-mf3v-mx44
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Analysis Updated
May 05, 2026 - 12:50 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 05, 2026 - 12:37 vuln.today
cvss_changed
CVSS changed
May 05, 2026 - 12:37 NVD
8.8 (HIGH) 8.7 (HIGH)
Source Code Evidence Fetched
May 05, 2026 - 12:18 vuln.today
Analysis Generated
May 05, 2026 - 12:18 vuln.today

DescriptionCVE.org

OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weaken risk classification of unsafe applet invocations.

AnalysisAI

Authenticated remote attackers can bypass exec approval mechanisms in OpenClaw npm package versions 2026.2.23 through 2026.4.11 by invoking busybox or toybox multi-call binaries. The vulnerability (CWE-863: Incorrect Authorization) allows attackers to obscure which applet will execute, weakening risk classification for unsafe operations like shell command injection via 'busybox awk BEGIN{system("id")}' or 'toybox ash -c'. CVSS 8.7 (CVSS:4.0/AV:N/AC:L/PR:L) indicates network-accessible exploitation by low-privileged authenticated users. Vendor-released patch available in version 2026.4.12. EPSS and KEV data not provided; no public exploit identified at time of analysis beyond vendor-disclosed commit.

Technical ContextAI

OpenClaw is an npm package (cpe:2.3:a:openclaw:openclaw) that implements exec approval binding to classify and control subprocess invocations. The vulnerability stems from treating busybox and toybox - multi-call binaries where a single executable provides multiple applets via argv[0] or first argument - as safe binaries without recognizing their opaque runtime behavior. Multi-call binaries like 'busybox sh -c payload' or 'toybox awk BEGIN{system()}' can execute arbitrary commands through applets that weren't explicitly approved. CWE-863 (Incorrect Authorization) applies because the approval mechanism failed to enforce intended access restrictions on these interpreter-like wrappers. The fix refactors unwrapArgvForMutableOperand() to track opaqueMultiplexerSeen, treats busybox/toybox as OPAQUE_MUTABLE_SCRIPT_RUNNERS, and fails closed by returning null from resolveMutableFileOperandIndex() when these binaries are detected, preventing unsafe applet invocations from being approved.

RemediationAI

Upgrade to OpenClaw version 2026.4.12 or later (npm install openclaw@2026.4.14 or newer). The fix in commit 666f48d9b882a8a1415ca53f9567c72499d850c9 (PR #65713) treats busybox and toybox as opaque mutable script runners, failing closed when these binaries are invoked rather than attempting to bind individual applets. Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-2cq5-mf3v-mx44 and patch at https://github.com/openclaw/openclaw/commit/666f48d9b882a8a1415ca53f9567c72499d850c9. If immediate upgrade is not feasible, remove busybox and toybox from tools.exec.safeBins configuration to block invocation (side effect: legitimate use of these utilities will be denied), or migrate to explicit allowlist entries specifying exact applet paths (/bin/busybox-awk) rather than the multiplexer binary, though this requires manual mapping of all needed applets and may be operationally complex.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-43530 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy